But was OpPayback – and subsequent DDoS activist campaigns – “a legitimate act of protest, an act of terrorism, or a criminal act?” This is a question that Molly Sauter has sought to answer in her thesis Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet.
The paper sets about describing the history and current practice of DDoS activism in order to provide a ‘framework for a reflective ethical analysis of actions.’ “The question now,” she asks, “is, will the practice of activist DDoS actions continue, or are practical, theoretical, and ethical challenges faced too great to allow for the tactic to be effective?”
One ethical problem is the success of DDoS mitigation service providers. In a nutshell, the early use of ‘volunteer’ activists – enthusiastic but not necessarily expert – is no longer successful. “An ‘arms race’ dynamic has ensued, which encourages the use of non-volunteer botnets and exploits to augment volunteer efforts and which also diminishes the ethical validity of activist DDoS actions.” Put simply, can the use of criminal elements to further political aims be acceptable?
A practical problem is that while activist DDoS has become less successful, criminal DDoS has dominated. “Could activist DDoS actions simply become invisible in the sea of criminal actions?” she asks. Or could DDoS become so common that the media no longer takes any notice, and its raison d’être disappear? It will not, however, go away: it “will remain popular among internet-based fringe groups and subcultures,” particularly those who feel radicalized by ‘group grievances.’
“This radicalization, which occurs most strongly in the aftermath of convictions (such as those of Andrew Aurenheimer, also known as weev; or Jeremy Hammond) or tragedies (such as the suicide of Aaron Swartz), further underlines the perceived disjuncture between behavioral norms in these subcultures (or, in some cases, in more mainstream, technologically sophisticated populations) and the legal response delivered by the state.”
An interesting side-effect of the reducing effectiveness of DDoS by the masses is the growing use of alternative methods by the expert few. “Though not examined in this work,” she says, “the resurgence of tactics like doxing, ‘human flesh search,’ information exfiltration, leaking, defacement, software development, the remote organization of backup internet connectivity in the event of nation-level shutdowns, and large scale data analysis, either automated or human-distributed, are all indicators of innovative developments in tactical and strategic activism.”
But none of this actually answers the original question: should online activism be seen as a legitimate aspect of civil disobedience, or be treated as mere criminality (or cyber-terrorism in the eyes of many politicians)? In some ways, it depends on the overall attitude towards civil disobedience in general. For those who believe in the absolute sanctity of the rule of law, then civil disobedience on the internet is as wrong as it is in the streets. But for those who believe that civil disobedience in the streets is an essential part of the democratic process by delivering dissenting views to those political elements that will not otherwise listen, then civil disobedience on the internet should be seen as equally valid.